(2) Vulnerability Details:WebPress
web application has a computer security problem. Hackers can exploit it
by reflected XSS cyber attacks. This may allow a remote attacker to
create a specially crafted request that would execute arbitrary script
code in a user's browser session within the trust relationship between
their browser and the server.Several
other similar products 0-day vulnerabilities have been found by some
other bug researchers before. WebPress has patched some of them. "scip
AG was founded in 2002. We are driven by innovation, sustainability,
transparency, and enjoyment of our work. We are completely self-funded
and are thus in the comfortable position to provide completely
independent and neutral services. Our staff consists of highly
specialized experts who focus on the topic information security and
continuously further their expertise through advanced training".

(2.1) The first security code flaw occurs at “/search.php” page with “&search_param” parameter in HTTP GET.